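def run(self, is_all=None, target=None, tid=None, pid=None):
    """Run a scan: every project when *is_all* is truthy, otherwise one *target* directory.

    Args:
        is_all: when truthy, ``scan.Scan().all()`` is run and the other
            arguments are ignored.
        target: local directory to analyse; required unless *is_all* is set.
        tid: optional task id. The matching ``CobraTaskInfo`` row is marked
            as started (status 1, ``time_start``, ``updated_at``) before the
            analysis runs; it must currently be in status 0 or 1.
        pid: optional project id handed to the static engine.

    Exits the process with status 1 when *target* is missing or is not a
    directory, when *tid* names no task, or when that task was already
    scanned. A failure to persist the task start time is logged only; the
    analysis still runs.
    """
    if is_all:
        logging.info('[START] Scan all projects')
        scan.Scan().all()
        logging.info('[END] Scan all projects')
        return

    if target is None:
        logging.critical("Please set --target param")
        # Non-zero status so a calling script/CI job sees the failure.
        sys.exit(1)

    task_id = None
    if tid is not None:
        task_id = tid
        t = CobraTaskInfo.query.filter_by(id=tid).first()
        if t is None:
            logging.critical("Task id doesn't exists.")
            sys.exit(1)
        # Only tasks that have not finished scanning (status 0 or 1) may start.
        if t.status not in [0, 1]:
            logging.critical("Task Already Scan.")
            sys.exit(1)
        t.status = 1
        t.time_start = int(time.time())
        t.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
        try:
            db.session.add(t)
            db.session.commit()
        except Exception as e:
            # Pass the exception itself: ``e.message`` exists only on
            # Python 2 and would raise a second error inside this handler.
            logging.error("Set start time failed: %s", e)

    # The task row is marked started before this check, as in the original
    # ordering; a bad target therefore leaves the task in status 1.
    if not os.path.isdir(target):
        logging.critical('Target is not directory')
        sys.exit(1)

    from engine import static
    static.Static(target, task_id=task_id, project_id=pid).analyse()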
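def run(self, target=None, tid=None, pid=None):
    """Analyse *target* with the static engine, after marking task *tid* as started.

    *target* is classified by ``self.parse_target``; directories and single
    files are analysed in place, archives are unpacked first, git
    repositories are cloned first, and SVN is reported as unsupported.

    Args:
        target: path or URL to analyse (required).
        tid: optional task id; the matching ``CobraTaskInfo`` row must be in
            status 0 or 1 and is set to status 1 with a start time.
        pid: optional project id handed to the static engine.

    Exits the process with status 1 when *target* is missing, when *tid*
    names no task, or when that task was already scanned. Returns without
    analysing when *target* cannot be classified.
    """
    if target is None:
        log.critical("Please set --target param")
        # Non-zero status so a calling script/CI job sees the failure.
        sys.exit(1)

    task_id = None
    if tid is not None:
        task_id = tid
        t = CobraTaskInfo.query.filter_by(id=tid).first()
        if t is None:
            log.critical("Task id doesn't exists.")
            sys.exit(1)
        # Only tasks that have not finished scanning (status 0 or 1) may start.
        if t.status not in [0, 1]:
            log.critical("Task Already Scan.")
            sys.exit(1)
        t.status = 1
        t.time_start = int(time.time())
        t.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
        try:
            db.session.add(t)
            db.session.commit()
        except Exception as e:
            # Pass the exception itself: ``e.message`` exists only on
            # Python 2 and would raise a second error inside this handler.
            log.error("Set start time failed: %s", e)

    target_type = self.parse_target(target)
    if target_type is False:
        log.error("""
        Git Repository: must .git end
        SVN Repository: can http:// or https://
        Directory: must be local directory
        File: must be single file or tar.gz/zip/rar compress file
        """)
        # Previously execution fell through and still constructed Static
        # with an unusable target; no type branch matched, so nothing ran.
        return

    from engine import static
    s = static.Static(target, task_id=task_id, project_id=pid)
    # Compare with ==: ``is`` on str literals only works by interning accident.
    if target_type == 'directory' or target_type == 'file':
        s.analyse()
    elif target_type == 'compress':
        from utils.decompress import Decompress
        # Only tar.gz, rar and zip are supported; decompress() unpacks into a
        # directory next to the archive (original comment gave "222_test.tar"
        # as an example name).
        # NOTE(review): archive members come from the user-supplied file;
        # confirm Decompress rejects entries with absolute paths or '..'
        # components before relying on the unpacked tree.
        dc = Decompress(target)
        dc.decompress()
        s.analyse()
    elif target_type == 'git':
        from pickup.GitTools import Git
        g = Git(target, branch='master')
        g.get_repo()
        if g.clone() is True:
            s.analyse()
        else:
            log.critical("Git clone failed")
    elif target_type == 'svn':
        log.warning("Not Support SVN Repository")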
def vul(self, extensions, val_types):
    """Guess the project language from ``self.files()`` and run the static engine.

    The language guess (``'php'`` or ``'java'``, by presence and then by
    count) is computed but not used further; ``val_types`` is not used
    either. When neither ``.php`` nor ``.java`` files are present a
    message is printed and the analysis still runs.

    ``static.Static(extensions).analyse()`` is invoked unconditionally,
    then every entry of *extensions* is looked up in the file table
    (``KeyError`` for an extension with no files).
    """
    target_files = self.files()

    has_php = ".php" in target_files
    has_java = ".java" in target_files
    if has_php and has_java:
        # Both present: the more numerous one wins.
        language = 'php' if target_files[".php"] > target_files['.java'] else 'java'
    elif has_php:
        language = 'php'
    elif has_java:
        language = 'java'
    else:
        print("Not support the language")
    # s = static.Static(language)
    static.Static(extensions).analyse()

    for ext in extensions:
        # presumably an entry like {'file_count': 1, 'file_list': []} — verify against files()
        target_files_ext = target_files[ext]
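def test_rule():
    """Run one rule against a project (or all uploaded versions) and return the matches.

    Request arguments (validated by ``ValidateClass``): ``rid`` (rule id)
    and ``pid`` (project id; 0 means every version under the configured
    upload directory).

    Returns a JSON response: code 4004 on bad arguments or an unknown
    project, 4001 when cloning a git-hosted project fails, and 1001 with
    the matches joined by CRLF on success.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    if int(vc.vars.pid) == 0:
        # pid 0: analyse every uploaded project version.
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        if project is None:
            # An unknown pid used to raise AttributeError on project.repository.
            return jsonify(code=4004, message='Project not found')
        if 'gitlab' in project.repository or 'github' in project.repository:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(project.repository, branch='master', username=username, password=password)
            clone_ret, clone_err = gg.clone()
            if clone_ret is False:
                # NOTE(review): clone_err is echoed to the client; confirm it
                # cannot carry the configured git credentials.
                return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            project_directory = gg.repo_directory
        else:
            # Any other repository value is treated as a local filesystem path.
            project_directory = project.repository

    data = static.Static(project_directory, project_id=vc.vars.pid, rule_id=vc.vars.rid).analyse(test=True)
    return jsonify(code=1001, message='\r\n'.join(data))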
def test_static_analyse(self):
    """Smoke test: ``Static('php', ['php']).analyse()`` must run without raising.

    No result is asserted; the test only exercises construction and the
    analyse() call.
    """
    # NOTE(review): other call sites build Static with a target path first and
    # keyword task_id/project_id/rule_id; confirm this positional form is still
    # accepted by the engine.
    static.Static('php', ['php']).analyse()